This invention relates to encryption, and more particularly, to identity-based encryption schemes.
Cryptographic systems are used to provide secure communications services such as secure email services and secure web browsing.
With symmetric key cryptographic systems, the sender of a message uses the same key to encrypt the message that the receiver of the message uses to decrypt the message. Symmetric-key systems require that each sender and receiver exchange a shared key in a secure manner.
With public-key cryptographic systems, two types of keys are used—public keys and private keys. Senders may encrypt messages using the public keys of the receivers. Each receiver has a private key that is used to decrypt the messages for that receiver.
One public cryptographic system that is in use is the RSA cryptographic system. Each user in this system has a unique public key and a unique private key. A sender using the system may obtain the public key of a given receiver from a key server connected to the Internet. To ensure the authenticity of the public key and thereby defeat possible man-in-the-middle attacks, the public key may be provided to the sender with a certificate signed by a trusted certificate authority. The certificate may be used to verify that the public key belongs to the intended recipient of the sender's message.
To allow an organization to revoke the secure email privileges of an employee when the employee no longer works for the organization, some organizations may arrange to have the public keys of all of their employees automatically expire at the end of each day. New public keys for the current employees may be generated each day. The new public keys may be made publicly available by placing them on a public key server.
Because encryption using public-key encryption algorithms is computationally intensive, some systems allow users to use public-key encryption to securely exchange a shared symmetric key. The symmetric key may then be used to support a secure communication session.
With public key encryption systems, a sender must obtain the public key of a message recipient before the sender can encrypt a message. A sender may be traveling with a portable computer and may desire to respond to an email message that has been temporarily stored on the computer. If the sender does not already have a copy of the public key of the person who sent the message, the sender must obtain that public key from a public key server. However, the sender's portable computer may not be on-line when the sender desires to compose the response to the email. The sender will therefore not be able to access an on-line public key server and may be unable to encrypt the message as soon as it is composed. Because the sender's computer may be at risk of being stolen, the unencrypted message on the computer may be susceptible to interception.
Identity-based encryption schemes work differently than public-key systems. With an identity-based encryption system, senders and receivers communicate securely using public parameters and private keys. Each user has a unique private key based on the user's identity for decrypting messages, but a single set of public parameters (used during the encryption and decryption processes) may be shared by many users.
With one suitable arrangement, a user's email address or a user's email address concatenated with a date stamp may be used to identify each user. With this approach, senders who are currently off-line and who would therefore be unable to access a public key server, may still immediately encrypt sensitive messages if they have access to the public parameters of the user. Because all of the users in an organization may share the same set of public parameters, senders may often have access to the correct public parameters to use for a given recipient, even if the sender has never communicated with that receiver before. When network access is available, the encrypted message may be transmitted to the receiver. Receivers can decrypt messages using their private keys.
In an identity-based cryptographic system, private keys may be generated by a private key generator. The private key generator uses secret information (i.e., a so-called “master secret”) as an input when generating the private keys. The security of the system rests on the ability of the organization holding the master secret to maintain its secrecy.
Because of the importance of maintaining the secrecy of the master secret in identity-based cryptographic systems, certain organizations may be unwilling to entrust custodial responsibility for the master secret to third parties. However, if multiple organizations run separate identity-based encryption systems with different master secrets, it may be difficult for users associated with different organizations to communicate with each other.